A dynamic symmetric key generation at wireless link layer: information-theoretic perspectives

Abstract

The expansion of wireless communication introduces security vulnerabilities, emphasizing the essential need for secure systems that prioritize confidentiality, integrity, and other key aspects of data protection. Since computational security acknowledges the possibility of breaches when adequate computational resources are available, that is why information-theoretic security is being explored, which suggests the existence of unbreakable cryptographic systems even in the presence of limitless processing power. Secret key exchange has traditionally relied on RSA or DH protocols, but researchers are now exploring innovative approaches for sharing secret keys among wireless network devices, leveraging physical or link layer characteristics. This research seeks to revolutionize secure multi-party key acquisition in wireless networks, capitalizing on information-theoretic security and collaborative data extraction. The proposed secret key generation framework comprehensively organizes and explains the information-theoretic aspects of secret key generation within the lower layers of wireless networks, especially the link layer, proposes a novel information-theoretic SKG framework for the dynamic acquisition of symmetric secret keys, and responds to contemporary information security challenges by relying on information-theory principles rather than vulnerable mathematical relationships in the post-quantum period. A new cryptographic key can be generated using a straightforward method, and when it is combined (XORed) with the previous key, it creates a continuously changing secret for encryption and decryption. This approach enhances security because, as attackers attempt to break the encryption, the system generates fresh, dynamic keys, making it progressively more challenging for them to succeed. The research work in question integrates key renewal, or how often keys are updated (dynamic keys), with a security off-period. It introduces a framework for determining the best key refresh rate based on the anticipated rate at which keys might be compromised. Furthermore, the proposed framework is scalable, allowing new nodes to quickly join the existing network. The system was tested with multiple nodes equipped with IEEE 802.11 interfaces, which were set in monitor mode to capture frames at the link layer. Nodes map their on-time frames onto their Bloom filters. Nodes exchange these Bloom filters in a feedback mechanism. Nodes extract those frames from their .pcap files, which are present in all Bloom filters; these are common frames among all nodes. These frames are used to form a shared secret that is passed to HMAC Key Derivation Function by each node to acquire the final encryption key of the required length. The validation of this encryption key is performed using a simple challenge-response protocol; upon successful validation, encrypted communication begins. Otherwise, the key generation process is restarted.